| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <willemdebruijn.kernel.cceee43f5b9b@gmail.com> Date: Tue, 10 Feb 2026 11:14:15 -0500 From: Willem de Bruijn <willemdebruijn.kernel@...il.com> To: Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Willem de Bruijn <willemdebruijn.kernel@...il.com> Cc: Vadim Fedorenko <vadim.fedorenko@...ux.dev>, Willem de Bruijn <willemb@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>, "David S. Miller" <davem@...emloft.net>, "Loktionov, Aleksandr" <aleksandr.loktionov@...el.com>, Kurt Kanzenbach <kurt@...utronix.de>, "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>, "Kitszel, Przemyslaw" <przemyslaw.kitszel@...el.com>, Paul Menzel <pmenzel@...gen.mpg.de>, "Gomes, Vinicius" <vinicius.gomes@...el.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, Richard Cochran <richardcochran@...il.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andrew Lunn <andrew+netdev@...n.ch>, "intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>, "Keller, Jacob E" <jacob.e.keller@...el.com> Subject: Re: [Intel-wired-lan] [PATCH iwl-next v3] igb: Retrieve Tx timestamp directly from interrupt for i210 Sebastian Andrzej Siewior wrote: > On 2026-02-09 07:46:01 [-0500], Willem de Bruijn wrote: > > > > Yeah, but what is the legacy user here? If you enable HW-timestamps but > > > > never set OPT_TSONLY and the sysctl is also 0 then you reply on the > > > > CAP_NET_RAW later on. Right? > > > > > > Legacy users here means users of HW TX timestamps expecting full skb to > > > be returned back with the TX timestamp. Legacy here means that skb will > > > be returned with headers modified by stack, which is kind of exposure of > > > data, which requires CAP_NET_RAW... > > Ah okay. I assumed the err-queue was the standard way of receiving > timestamps. It is, for tx timestamps. The open question is whether they are queued with or without packet payload. > > > > I just try to justify the CAP_NET_RAW check and if it is required to > > > > move it earlier (where HW timestamps are enabled). And if the sysctl > > > > check is enough then maybe it is not needed. > > > > > > Capabilities should not change during lifetime of the process, should be > > > fine to move. On the other, sysctl can be changed system-wide which may > > > affect users. > > > > Ignore the hardware configuration. That is entirely optional. Some > > devices will timestamp every packet. > > > > The capability check here is per-socket, independent from the system > > hardware configuration. > > > > I don't see how it could be moved. > > > > Before OPT_TSONLY was introduced packets were always queued with their > > payload. The sysctl check was added to optionally disallow this. The > > check could arguably be moved earlier in the socket lifecycle and the > > decision cached in the socket. But then flipping the sysctl would not > > affect existing sockets, so that is a change in ABI behavior. > > You could cache only the part under sk_callback_lock. Can you elaborate a bit? > Any other suggestions? > The access from IRQ is quick and avoids any detours. > The alternative would be to move the whole routine into an aux_worker. > For every driver doing it from the IRQ handler. Perhaps CAP_NET_RAW can be checked in a way that does not require this specific lock. See for instance other examples that instead use sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW). Though that uses current_cred() so probably won't work in interrupt context. Changing the check may subtly change behavior. But that may be acceptable as long as the consequences are clearly described. An alternative would be to delay until dequeue. But that would wake the reader and then drop the packets, so without any data to read. Not practical. The core issue seems to be that the ptp_tx_work is not scheduled quickly enough. I wonder if that is the issue to be fixed. When/why is this too slow?
Powered by blists - more mailing lists